CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1989 – CODESYS Visualization vulnerable to user enumeration
https://notcve.org/view.php?id=CVE-2022-1989
23 Aug 2022 — All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. Todas las versiones de CODESYS Visualization anteriores a V4.2.0.0, generan un diálogo de inicio de sesión vulnerable a una exposición de información que permite a un atacante remoto no autenticado enumerar usuarios válidos. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17142&token=a3696ab41fef800d2eaee8043d40d5fbe94277fd&download= • CWE-203: Observable Discrepancy CWE-204: Observable Response Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-30792 – CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels
https://notcve.org/view.php?id=CVE-2022-30792
11 Jul 2022 — In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. En CmpChannelServer de CODESYS versión V3 en múltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones de canales de comunicación. Las conexiones existentes no están afectadas • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2022-30791 – CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections
https://notcve.org/view.php?id=CVE-2022-30791
11 Jul 2022 — In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected. En CmpBlkDrvTcp de CODESYS versión V3 en múltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones TCP. Las conexiones existentes no están afectadas • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1794 – Plaintext Storage of a password in CODESYS V3 OPC DA Server
https://notcve.org/view.php?id=CVE-2022-1794
11 Jul 2022 — The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system. El CODESYS OPC DA Server versiones anteriores a V3.5.18.20, almacena las contraseñas del PLC como texto plano en su archivo de configuración, de modo que es visible para todos los usuarios autorizados de Microsoft Windows del sistema • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17129&token=1c1485c4a700c04f2069699f5be7558d276ca117&download= • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32143 – CODESYS runtime system prone to directory acces
https://notcve.org/view.php?id=CVE-2022-32143
24 Jun 2022 — In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required En Diversos prod... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32142 – CODESYS runtime system prone to denial of service due to use of out of range pointer
https://notcve.org/view.php?id=CVE-2022-32142
24 Jun 2022 — Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required. Diversos productos CODESYS son propensos a un acceso de lectura o escritura fuera de límites. Un atacante remoto poco privilegiado puede diseñar una petición con... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32141 – CODESYS runtime system prone to denial of service due to buffer over read
https://notcve.org/view.php?id=CVE-2022-32141
24 Jun 2022 — Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required. Diversos productos CODESYS son propensos a una lectura excesiva del buffer. Un atacante remoto poco privilegiado puede diseñar una petición con un desplazamiento no válido, que puede causar una sobre lectura del búfer interno, resultando en una condici... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32140 – CODESYS runtime system prone to denial of service due to buffer copy
https://notcve.org/view.php?id=CVE-2022-32140
24 Jun 2022 — Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required. diversos productos de CODESYS están afectados por un desbordamiento de búfer. Un atacante remoto poco privilegiado puede diseñar una petición, que puede causar una copia del búfer sin comprobar el tamaño del servicio, resultando en una condición de... • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32139 – CODESYS runtime system prone to denial of service due to out of bounds read
https://notcve.org/view.php?id=CVE-2022-32139
24 Jun 2022 — In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required. En diversos productos de CODESYS, un atacante remoto poco privilegiado puede diseñar una petición que cause una lectura fuera de los límites, resultando en una situación de denegación de servicio. No es requerida una interacción del usuario • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32138 – CODESYS runtime system prone to denial of service due to Unexpected Sign Extension
https://notcve.org/view.php?id=CVE-2022-32138
24 Jun 2022 — In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. En diversos productos CODESYS, un atacante remoto puede diseñar una petición que puede causar una extensión de signo inesperada, resultando en una condición de negación de servicio o sobreescritura de memoria • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download= • CWE-194: Unexpected Sign Extension •